Eth0:2012 Winter/GSM hacking
We have known for a while that GSM is insecure, that it can be sniffed with inexpensive hardware, and that operators don't care. It's also possible to run a completely open source GSM base station using OpenBTS and not-so-expensive hardware. Time to start playing with GSM!
Dekkers will bring the following hardware for playing with GSM to eth0:
- USRP B100 with RFX1800 daughterboard.[1]
  - I've already managed to get OpenBTS running and do voice calls (using the DECT guard band that doesn't need a permit), but the range for doing voice calls without duplexer/amplifier/etc. is about 2 metres.
- A Motorola C115 and a C118
- A Sysmocom USB serial cable (CP2102) [2]
- 2 TB hard disk with partially downloaded A5/1 rainbow tables
The RFX1800 also supports the DECT band, so it might also be possible to play with DECT. I'm currently looking into what other hardware is needed to get decent coverage with OpenBTS; the biggest problem is sending/receiving crosstalk. As far as I understand, a duplexer and low-noise amplifier will give a bigger range, but I don't have a background in RF engineering and am still learning a lot of things about RF. References: [3] [4] [5]
DrWhax will bring a Motorola C115 and a USB <-> serial cable. (Hopefully I got all this shipped before Saturday.)